computer science essay

Approaches For Detecting Attacks In Manet Computer Science Essay

Published: 23, March 2015

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In early age Mobile Ad-hoc Networks (MANETs), mostly used in military or emergency communications but now a day MANETs gain its popularity in all fields especially in business, educations, emergencies, healthcare etc. The popularity graph of MANET is incredibly increasing with the passing of time. Due to number of advantages such as no infrastructure, auto-managed, flexible, low power consumer, MANETs becoming the most demanding technology particularly in emergency or disaster management conditions. Some time MANETs pay more for their vulnerable features. Still the MANET technology and its protocols have numerous loopholes which are the honey pot for attackers. In MANET all node works separately like a router, some time these inside nodes involve malicious activities and some time outsider attacks on the network that's why the networks are mostly at risk of denial of service (DoS) attacks initiated through compromised nodes or intruders. To avoid such attacks some of cryptographic algorithms, key management schemes and security models are proposed but the technology is still highly insecure. Our goal here is to investigate the major security attacks, challenges, behavior of protocols and their proposed solutions. We also provide a comparative analysis on the basis of numerous proposed schemes for detecting and mitigating the attacks in MANET. In future we will work on the weakness in Ad-hoc On demand Distance Vector (AODV) Protocol.

Introduction

As the deployment of wireless networks are quicker, low cost, and number of ease to use, move business on wireless as contrast to traditional wired networks. Mostly wireless communication sets up in war, emergency conditions, security or intelligence zone but in-fact wireless communication inherently prone to attacks. Any node of wireless network can get attacks that come from all directions [13]. In other words, the wireless links and dynamic topology absolutely gives flexibility in deployment, but, on the other hand security is a main concern in wireless networks. The wireless channels are completely defenseless to various security attacks [15].Unlike the wired networks, the wireless networks face unique challenges, any wireless signal is subject to interception, jamming, false command disruption and highly vulnerable to security attacks. These issues create obstruction to the large scale deployments of wireless communications.

Wireless communications undergo with two main types of attackers that are inside attacker, outside attacker. An outside attacker has no particular access to the network, while an inside attacker has admittance to the encryption keys or other codes used by the network. Passive attackers only concerned in gathering sensitive data from the wireless network, this cooperation the privacy and secrecy requirements. In contrast the active attacker's goal is to interrupt the function of the network and degrade its performance. Other wireless attacks are DOS attack, Routing attack, Blackhole attack, wormhole attack etc. DOS is forced by other fields, such as security, dependability, performance and software engineering [20].

Although there are number of schemes proposed to secure wireless networks, but the technology is still highly apprehensive and vulnerable to attacks. Nearly all the proposed solutions concentrate on specific security problem but pay no attention to others, those which pull off low energy and memory burning up, compromise on the level of security. Majority of on demand routing protocols like AODV, are vulnerable during route discovery [13]. Thus there is a need for a model which fulfills all these issues with low cost and high security.

Issues and Problems

Wireless communication has emerged as a major breakthrough in traditional wired communications. It has changed messy wired world into a clean and flexible atmosphere. According to a well known adage, there is no unmixed good in this world; implementation of wireless network carries numerous performance and security issues. These issues include:

Current Security Models and Prevailing Attacks:

Different performance issues of wireless networks operation, administration and management are encountered due to improper security model. Many security schemes don't guard against some prevailing threats therefore Wireless networks shows lack of satisfactory guarantees on security, during communications. Some of proposed solutions for these issues are discuss below:

Majority of at hand wireless network security models are highly insecure and defenseless to active and passive attackers. The hybrid Wireless Intrusion System (WIDS) provides a model to combat the attackers. The model is based on three phases; data-set generation, IDS creation & test phases. For data-set generation, various types of files, for regular and attack types will be created. For IDS creation, a simple agent with five modules is designed. The first module sniffs the traffic & sends it either Anomaly or Misuse detection engines. If inputs are not handled by both engines, it sends it to probable attack module for precise examination. If the attack is detected the engine call the alarm module. Finally in test phase, used the data-set collected in the first phase to test the wireless intrusion detection agent in phase two [1].

Due to distributed nature and be short of globally trusted central establishment, the WMNs shows lack of satisfactory guarantees on security. Li Gao et al. [2] has deal with low-computational and scalable key managing model for WMNs. This key management model has three levels of key management, including key management protocols for mesh router pattern (RR), mesh client pattern (CC) & mesh router & mesh client pattern (RC). RR pattern is required highest level of security, may use efficient cryptography such as PKI, two-party Diffie-Hellman schemes. CC pattern is required low computation and reasonable level of security. Thus low computational cryptographic such as symmetric cryptography and threshold secrete sharing schemes may be use. RC pattern can be in between RR and CC pattern. These three models fit in to group communication models [2].

Ana Paula [3] proposed a decentralized Intrusion Detection System (IDS) model that fits the demands and limitations of WSNs. The model is based on three phases. Phase-1 perform data acquisition. Only those messages are filtered and store which useful to the rule application phase. Phase- 2 is rule application, each extracted messages from phase 1 is estimated according to a sequence of rules precise to each message type. If a message unsuccessful in one of the rules, failure counters is incremented and discard the message, otherwise message is discarded from data-structure list. Intrusion detection is perform in Phase-3, that checks if round-failure value is greater than cumulative value or not, in case of greater value, then signal attack indication is generated [3]. Sidra et al [4] defined distributed dynamically configurable firewall architecture for Mobile Ad-hoc Networks (MANETs). The model has three internal data structures that are firewall table, Reject list & black list. Firewall table is used to maintain the entries of data flow for each new establish connection with five columns containing source & destination address, number of packets arrived, threshold and life time of each entry. If number of packets crosses the threshold limit then incoming packets for that entry will be blocked by the firewall, which will be deleted from table if life time exceeds. If for any entry in the firewall table, number of packets arrived is greater than threshold and lifetime exceeds then it will be place it in the reject list with double lifetime and threshold value will decrease. Blacklist hold entries of those nodes which maintain its entry in the reject list five times [4].

Another security model for MANETs is proposed by L.Prema [5], named Enhancement on Intrusion Detection Systems for Ad-hoc Networks (EIDAN). The EIDAN architecture model has four logical components. First component is Traffic Interception Module, confines the incoming traffic from the network & selects which of these packets should be more examines. Event Generation Module is accountable for abstracting the necessary information essential for the attack analysis module. Attack Analysis module checks the presence of attacks, if attack is present then send these malicious packets to counter measure module. Finally the Counter Measure Module is responsible for taking any further action on packets. Either the packets are dropped or taking some actions on malicious packets comes from the attack analysis module [5].

Current Wireless Protocols and Their Limitations:

The wireless communications survivability relates to wireless communication protection mechanism and robustness of their protocols. Majority of protocols associated with wireless, prone to attacks especially in hostile environments. Intruder easily breaks their security schemes. Some of proposed solutions for these issues are discuss below:

Current communication protocols of routing, MAC and physical layers are not fulfilling major communication issues in WMNs. Sahil Seth et al. [6] studied and suggested to redesign the protocols at each layer, keeping current research issues in mind. The author has deduced the research issues of physical layer as new wideband transmission scheme is required to achieve high transmission rate. New signal processing algorithms are required; optimize the hardware design so as to decrease cost. The MAC layer issues are describe as an effective channel allocation in multi-hop is needed. Advanced bridging functions must be developed for heterogeneous environment in MAC layer. The current research issues in routing layer are describe as the scalable routing is a critical requirement for WMNs. Lightweight but efficient routing protocols are required. Integrate routing and network coding is still a challenge for researchers [6].

Multicast protocols for ad hoc networks undergo security challenges. In [7], P.Sankareswary proposed a security extension to deal with the selfish nodes attack on MAODV. He explains that, the Source node broadcast the RREQs packet that goes by on all the ways from that source node. The RREQs received by target node, forwards the RREPs by using the reverse route. If the RREPs arrive from the trustworthy intermediate node, starts to send data. Otherwise ask for further request. If the node is detected to be wicked node by the two hop acknowledgement mechanism then to provide solution to attack, perform secure message transmission [7].

Ms. Divya et.al [8] has proposed modified Hybrid Wireless Mesh Protocol (HWMP), to overcome the issue of authentication and integrity. Proposed routing protocol guarantees that the communication between any two ends should be secure enough. HWMP routing information element comprises of two types of fields, mutable and non-mutable. In customized HWMP the existing key allocation is used and mutable fields are valid in the hop-by-hop manner using the hash tree concept. To protect non-mutable fields symmetric encryption is used [8].

The reliable transport layer protocols for wireless communications are not ensure reliability in harsh environment. Pump slowly Fetch Quickly Protocol doesn't deal with the lost full message problem. Also nodes cancel their scheduled transmission of given fragment if they listen by their neighbor that the fragment being transmitted 4 times. Weaknesses in Distributed TCP Caching is if a SACK list several lost fragments, so an invader can forge and infuse another SACK that acknowledges all lost fragments. With this particular packet, he can provoke several fragment losses. Reliable Bursty Convergecast protocol is supported block ACK; it is probable to acknowledge each fragment piled up by a node in one ACK. Upon the reception of packet, the node will fully empty its cache, which can direct to fragment losses with high probability [9].

Dr.Sami et al [10] defined Path Redundancy based Security Algorithm (PRSA) for securing routing protocols in WSNs. The PRSA algorithm first read network topology and find the optimum routing path. Check for disjoint paths. If no disjoint path found, remove every other node in the path and its link otherwise remove the nodes of previous path. Now select a suspected node and removes the suspected node and its links. Find optimum routing path, if number of routing paths less than the maximum numbers of routing path, then increment number of paths and again check for disjoint paths [10].

Security Issues and Attacks in Wireless Communications

Attack is a crack to achieve illegal access to resources, or the attempt to cooperation reliability, availability, or confidentiality [20]. As the deployment of wireless networks are not follow any particular infrastructure, due to the flexible topology wireless communication suffer varieties of security attacks. Some of these attacks are as follows:

Wormhole Attack:

In a wormhole attack, adversaries collaborate to offer a low-latency side-channel for communication. The wormhole attack can disrupt the wireless networks, particularly location-based wireless security system and ad-hoc network routing protocols. Few proposed solutions are discussed below:

Mahdi Taheri et el. [11] proposed a mechanism named Multipath Routing, for detecting and defending against wormhole attacks. He considers two types of channel, one for signaling with one link and other for user data with n-1 link. The original message is divided into n-1 parts with unique identifier. Generate a random number X such that 1<X<= (n-1), to be sent on one of n-channel. The codes parts in pairs using XOR technique associated to X. Every arrangement is sent over one of the channel, the Xth part is sent in simple text that will be the begin point for receiver to uncover other parts [11].

Other proposed scheme for the same problem is Wormhole Attack Prevention (WAP) [12]. In this scheme neighbor node monitoring is used to find out the neighbors. Suppose node A sends RREQ, which initiates a wormhole prevention timer, node B attains the RREQ, B have to broadcast to its neighbors as B is not a target. A check whether the RREQ arrives at within the timer. If A obtains the message after the timer ends, it considers B or one of B's next nodes may be wormhole nodes. In order to keep away from wormhole, nodes watch the malicious activities of neighbors and maintain it into their own neighbor node table [12].

Blackhole Attack:

The wicked node abuse the ad-hoc routing protocol (like AODV), to announce itself as having a legitimate route to a destination node, although the route is false, with the objective of interrupting and pertaining to the packets that never forward. Blackhole attacks especially disrupt the routing protocols to upsets network performance and reliability. Few techniques are discussed below, to mitigate Blackhole attack.

Source node broadcasts route request then receive route replay. If route replay is different from audit data, save route to routing table and start to sending packets while the size of buffer is not zero. But if route replay is same as audit data, discard route replay and check for another route replay. The pre-collected set of glitch activities, termed as audit data. The audit data is composed and is supply to the IDAD system that is competent to evaluate every action of a host with audit data on a fly. If any action of a host be alike to the actions listed in the audit data, then the IDAD system separates the particular node by forbidding further interaction [13].

S.Bajwa and Khalid Khan et al. [14] has proposed GBHASM scheme for mobile ad-hoc networks. The model is based on two components, the first component has the explanation regarding how new node will become a part of network also performs the operation of communication. Server entertains request packet from new joining node. It responds with relationship acknowledgement to node and stay for the approval from the node. If node doesn't replay within a time then the server rejects the joining request if not it throws its information. The received information as of new-joining node is kept in the database also allocates Node Code (NC) Pkk1 and Pkk2. The second component handles the communication action within the network. Later than becoming a part of the network, node make request for shortest path through pkk2 with packet. Each node will match pkk1 to pkk2, if its key matches within a time than the information will be released, otherwise time to live (TTL) of packet, force it to become meaningless [14].

Flooding Attack:

A flooding attack overcomes a victim's inadequate resources, whether bandwidth, memory or processing cycles. Majority of the reactive protocols can easily get flooding attacks during their route finding process. Few proposed schemes for handling this attack, are discussing below. In [15] defined a scheme based on three threshold values i.e. friends, acquaintances & strangers. If a node sent or received plenty of messages to or from any node X, then it's consider as friend node of X & put the highest value of threshold. If a node sent/received few messages from node X, consider this node as acquaintance and place it threshold value less than friend. And if a node never sent/received any message to/from node X, its consider as stranger and put its threshold value very low. Now suppose a node sends RREQ to its friend node, if RREQ value is less than the maximum threshold value, then RREQ is forwarded otherwise it discarded. If a node sends RREQ to its acquaintance node, if RREQ value is less than its threshold, the RREQ forwards otherwise discards. Same rule will be applied in case of Stanger node. The threshold values are considered as friend > acquaintance > stranger [15].

Ping Yi et al. [16] Proposed Flooding Attack Prevention (FAP), a general defense against the Ad Hoc Flooding Attack. The scheme based on neighbor suppression. The main idea of neighbor suppression is that each neighbor calculates the rate of RREQ originated by intruder. If the rate exceeds some threshold, all neighbors will not receive and forward packets from intruder. Every node has to maintain two tables Rate-RREQ & Blacklist. The Rate-RREQ has two columns: Node-ID and RREQ-time. If a node receives a RREQ, it looks up the node ID in the table of Rate-RREQ, to ensure who is requesting. Find node ID and increment RREQ-time field by 1. If RREQ-time is greater than the threshold value, put node ID into Blacklist [16].

As in AODV the node set outs RREQ packet according to FIFO rule. In flooding attack prevention scheme [17], the FIFO has changed with rule of priority. Nodes maintain the priority & threshold for its neighbor node. The node priority is inversely proportion with RREQ frequency. If RREQ frequency of attacker increases by threshold value, the node will not entertain further RREQ from the attacker node. This technique is called Neighbor Suppression, which uses to mitigate RREQ flooding attack. For data flooding attack, path cutoff scheme is uses. The attacker has established a path from the invader to victim node ahead. Once the victim locates the DATA Flooding Attack, the path can be cut off from the attacker [17].

Fig. 3: neighbor nodes isolate attacker [17]

S. Li et al. [18] proposed Avoiding Mistaken Transmission Table (AMTT) scheme to combat Flooding attack. Each node establishes an AMTT table to record received RREQ packages and other fields. When one node wants to send package to any other node, it floods RREQ package. Each node receiving this RREQ fills the fields of its AMTT table, sets the RREQ Num field as 1. Now whenever receives a RREQ with the same node, the RREQ Num value increases by 1. The destination node receive RREQ, it fills AMTT table & sends RREP package. Other node checks it validity and if found legitimate, they start to search their AMTTs, and put equivalent item's validity indication as 1 or else they discard this RREP. When two nodes finish their communication, source node will send RANC (route announcement) to other intermediate nodes, all nodes receives RANC will delete corresponding items in their AMTTS table [18].

Flooding attack mitigation scheme present [19] describe as for every node, it observes the neighbor's packets generated during an interval. The Packets are dropped if the rates of transmission packets are exceeded from threshold limit i.e. 'Î±'. But if the same neighbor exceeds 'Î±' by blacklist-threshold 'Î²' then it is consider as flooding node. Now put this node to blacklist as a flooder and discarded all packets comes from flooded neighbor node. The node continuous monitors the behavior of blacklisted neighbor node in the successive periods. The blacklisted node has to show gentle behavior for 'Î³' interval or whitelist-threshold to turn into white-listed. Given the blacklisted neighbor is experienced to be gentle, the observing node then whitelists the neighbor and starts to forward the packets for the neighbor [19].

DOS Attack:

Denial of service attack can attempt to flood a network, thereby preventing legitimate network traffic and prevent a particular individual from accessing a service. With the inherent resource limitations and vulnerabilities of WSN devices, they can easily catch attacks specially Denial-of-Service (DOS) attack.

In [20] author survey different attack especially DOS attack to discover the attacker, his capabilities, purpose of the attack and the end result. He studied that Jamming is intentional intrusion with radio reception to deny the target. Spread-spectrum techniques can be used to overcome jamming problem. The intruder can damage, destroy or tamper the sensor nodes, camouflaging the packaging & using low-probability of intercept radio techniques, can mitigate these problems. An attacker can deliberately cause collisions, error correcting codes can be use to avoid attack. In selective forwarding sensor device can only neglect to forward certain messages, multiple disjoint routing paths and diversity coding can be use to overcome this problem. In wormhole attack, enemies collaborate to offer a low-latency side-channel for communication packets are totally controlled by these two adversaries. Packet leashes scheme can be use to overcome this problem [20].

In this study, different problem domains and their proposed solutions are presented. It is observed that, if a scheme is performing well, it may have some overhead or it may be non- reliable. Comparing proposed solutions in a tabular form with respect to their performance, security, control overhead, cost & reliability may provide us a dash board in understanding the effectiveness of a scheme. Different parameters of a solution are being rated, in the table, with a numeric value ranging 1 to 20 according to its effectiveness. (Survey papers are not including in table 2)

Multipath Routing

Wormhole Attack Prevention (WAP)

No. scheme has no special hardware or cryptography. only energy inefficient

Yes

Yes

Wormhole attack

Intrusion Detection using Anomaly Detection (IDAD) scheme

No. scheme minimizes the number

of extra routing packets.

Yes

Yes

black hole attack

The extent of friendship between the nodes.

Check the paper studied last night??????

No. malicious packets are still present in network

No

Flooding attack

Flooding Attack Prevention (FAP)

Yes. Scheme has little overload.

No. fail to resist corporative work of two or more attacking nodes

X

Ad-hoc Flooding attack

Avoiding Mistaken Transmission Table(AMTT)

Yes. The use of tables will slow down the communication process.

No. fail to work on more link

Flooding attack

Novel technique to deal with flooding attacks

No.

Yes

yes

Flooding attack

Conclusion and Future work

In this paper, we looked into the security issues, attacks and challenges in wireless communications. We have divided our studies into three sub-domain i.e. security models, vulnerability in current protocols and wireless attacks. Major issues focused in this paper incorporate the continuity of environment monitoring, limitation and vulnerabilities of sensors networks, the ad-hoc communication scheme, and the security scheme that protects against large number of attacks including DoS, Wormhole attacks, Blackhole, flooding attacks etc. we also discussed some security model for protection against attacks, these mechanisms still have limitations, which are discussed in this paper. The contribution of this paper is to spell out the current security threats and other correlated issues in wireless communications. In this paper we also discussed the proposed solutions which may offer a new way of thinking towards the solution space.

Future research in the area of vulnerabilities in current security models in wireless networks would concentrate on intelligent agents to enhance the precision of intrusion detection rate and replace static threshold values with dynamic values.

Future research in the area of current wireless protocols would concentrate on higher transmission with low-cost, flexible and lesser energy consumption, which is still a challenging open issue. Also all current intrusion detection schemes discover attacks only by in view of the single layer but no intrusion detection method exists for wireless mesh environments.

Future research in the area of security issues and attacks would concentrate on network-based IDS as all proposed IDS uses host-based IDS schema.

Our experts can help you with your essay question

Writing Services

Essay Writing Service

Find out how the very best essay writing service can help you accomplish more and achieve higher marks today.

Assignment Writing Service

From complicated assignments to tricky tasks, our experts can tackle virtually any question thrown at them.

Dissertation Writing Service

A dissertation (also known as a thesis or research project) is probably the most important piece of work for any student! From full dissertations to individual chapters, we’re on hand to support you.

Coursework Writing Service

Our expert qualified writers can help you get your coursework right first time, every time.

Dissertation Proposal Service

The first step to completing a dissertation is to create a proposal that talks about what you wish to do. Our experts can design suitable methodologies - perfect to help you get started with a dissertation.

Report Writing Service

Essay Skeleton Answer Service

If you’re just looking for some help to get started on an essay, our outline service provides you with a perfect essay plan.

Marking & Proofreading Service

Not sure if your work is hitting the mark? Struggling to get feedback from your lecturer? Our premium marking service was created just for you - get the feedback you deserve now.

Exam Revision Service

Exams can be one of the most stressful experiences you’ll ever have! Revision is key, and we’re here to help. With custom created revision notes and exam answers, you’ll never feel underprepared again.

Request Removal

If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays website then please click on the link below to request removal: